rawi
2017-Jan-26 14:00 UTC
[Samba] [4.3.11-Ubuntu] SMBD keeps Locks on NTUSER.DAT and ntuser.ini after logout
After having migrated my machines and user to Samba 4.3.11 on Ubuntu 16.04.1 (no domain upgrade, new provision, all accounts new defined) and old data copied over to the new machines, I have now a broader testbed and notice issues I didn't see prior to that. Having roaming profiles (defined in the user object in LDB)... Seemingly at random smbd keeps locks on NTUSER.DAT and ntuser.ini for a random time (from minutes to over 2 hours). In this time it is not possible for the user affected to login any more (from any machine). Error is: "The User Profile Service failed the sign-in" The only solution is to call me and I kill then the process on the server. Sure, this is not a prospect with pleasant ending. On the (member) file server I see: Locked files: Pid Uid DenyMode Access R/W Oplock SharePath Name Time -------------------------------------------------------------------------------------------------- 14398 9009 DENY_NONE 0x100081 RDONLY NONE /mnt/SRVDATA_crypt/samba/home/user_w81 . Wed Jan 25 16:49:28 2017 14398 9009 DENY_NONE 0x1000a0 RDONLY NONE /mnt/SRVDATA_crypt/samba/institute . Wed Jan 25 09:46:33 2017 14398 9009 DENY_NONE 0x120089 RDONLY EXCLUSIVE+BATCH /mnt/SRVDATA_crypt/samba/home/user_w81 winprofile.V2/ntuser.ini Wed Jan 25 17:31:08 2017 14398 9009 DENY_WRITE 0x12019f RDWR EXCLUSIVE+BATCH /mnt/SRVDATA_crypt/samba/home/user_w81 winprofile.V2/NTUSER.DAT Wed Jan 25 17:31:08 2017 The Clients are mostly Windows 8.1 (they connect with SMB3_02), a couple of Windows 7 (they connect with SMB2_10) a couple of Windows XP (they connect with NT1) and my linux cifs mount (NT1) I have the gut feeling, that SMB3_02 is mostly affected (but that's also the majority of my machines) and it comes more often, if the user does a shutdown than simply a logout (difficult to say, I'd need more observations). I saw today also a Windows 7 for about 15 minutes after shutdown keeping ntuser.ini open, but without Locked files. The user could login from another machine without problems 9979 9031 DENY_NONE 0x100081 RDONLY NONE /mnt/SRVDATA_crypt/samba/home/user_w7 . Wed Jan 25 20:25:04 2017 9979 9031 DENY_NONE 0x120089 RDONLY NONE /mnt/SRVDATA_crypt/samba/home/user_w7 winprofile.V2/ntuser.ini Thu Jan 26 11:00:17 2017 I have fake oplocks = No kernel oplocks = No level2 oplocks = Yes oplocks = Yes reset on zero vc = Yes. (This doesn't help. Making a login with another user on the same machine didn't break the former Lock) The same user won't be always affected. At the moment I think to try desperately either - to restrict the client max protocol to lower (NT1?), or - to set veto oplock files = /NTUSER.DAT/ntuser.ini for the Homes share ... unless someone of you knows the problem and has a probed solution. Please, what do you think about this? Thanks rawi -- View this message in context: http://samba.2283325.n4.nabble.com/4-3-11-Ubuntu-SMBD-keeps-Locks-on-NTUSER-DAT-and-ntuser-ini-after-logout-tp4714018.html Sent from the Samba - General mailing list archive at Nabble.com.
rawi
2017-Jan-27 11:24 UTC
[Samba] [4.3.11-Ubuntu] SMBD keeps Locks on NTUSER.DAT and ntuser.ini after logout
rawi wrote> After having migrated my machines and user to Samba 4.3.11 on Ubuntu > 16.04.1 (no domain upgrade, new provision, all accounts new defined) and > old data copied over to the new machines, I have now a broader testbed and > notice issues I didn't see prior to that. > > Having roaming profiles (defined in the user object in LDB)... > > Seemingly at random smbd keeps locks on NTUSER.DAT and ntuser.ini for a > random time (from minutes to over 2 hours). > In this time it is not possible for the user affected to login any more > (from any machine). > Error is: "The User Profile Service failed the sign-in" > The only solution is to call me and I kill then the process on the server. > > Sure, this is not a prospect with pleasant ending. > > On the (member) file server I see: > > Locked files: > Pid Uid DenyMode Access R/W Oplock > SharePath Name Time > -------------------------------------------------------------------------------------------------- > 14398 9009 DENY_NONE 0x100081 RDONLY NONE > /mnt/SRVDATA_crypt/samba/home/user_w81 . Wed Jan 25 16:49:28 2017 > 14398 9009 DENY_NONE 0x1000a0 RDONLY NONE > /mnt/SRVDATA_crypt/samba/institute . Wed Jan 25 09:46:33 2017 > 14398 9009 DENY_NONE 0x120089 RDONLY EXCLUSIVE+BATCH > /mnt/SRVDATA_crypt/samba/home/user_w81 winprofile.V2/ntuser.ini Wed > Jan 25 17:31:08 2017 > 14398 9009 DENY_WRITE 0x12019f RDWR EXCLUSIVE+BATCH > /mnt/SRVDATA_crypt/samba/home/user_w81 winprofile.V2/NTUSER.DAT Wed > Jan 25 17:31:08 2017 > > The Clients are mostly Windows 8.1 (they connect with SMB3_02), > a couple of Windows 7 (they connect with SMB2_10) > a couple of Windows XP (they connect with NT1) > and my linux cifs mount (NT1) > > I have the gut feeling, that SMB3_02 is mostly affected (but that's also > the majority of my machines) and it comes more often, if the user does a > shutdown than simply a logout (difficult to say, I'd need more > observations). > > I saw today also a Windows 7 for about 15 minutes after shutdown keeping > ntuser.ini open, but without Locked files. The user could login from > another machine without problems > > 9979 9031 DENY_NONE 0x100081 RDONLY NONE > /mnt/SRVDATA_crypt/samba/home/user_w7 . Wed Jan 25 20:25:04 2017 > 9979 9031 DENY_NONE 0x120089 RDONLY NONE > /mnt/SRVDATA_crypt/samba/home/user_w7 winprofile.V2/ntuser.ini Thu Jan > 26 11:00:17 2017 > > I have > fake oplocks = No > kernel oplocks = No > level2 oplocks = Yes > oplocks = Yes > reset on zero vc = Yes. (This doesn't help. Making a login with another > user on the same machine didn't break the former Lock) > > The same user won't be always affected. > > At the moment I think to try desperately either > - to restrict the client max protocol to lower (NT1?), or > - to set veto oplock files = /NTUSER.DAT/ntuser.ini for the Homes share > > ... unless someone of you knows the problem and has a probed solution. > > Please, what do you think about this? > > Thanks > > rawiHi everybody, I'm bumping this issue, because I have new insights in the matter, but still no elegant solution. 1. NTUSER.DAT stays locked ONLY WHEN THE USER IS DOING A SHUTDOWN. The Windows 7 and 8.1 machines (using SMB2 and SMB3 protocols) are going off before the logout process is completed. If the user makes ONLY A LOGOFF, it takes about 20-30 seconds until his smbd disappears from the list (smbstatus -b), without leaving locked files. This never happened in the old NT domain. Still now with AD, it is no problem if I directly shutdown a WindowsXP (connected with NT1 protocol) 2. Setting... - client max protocol = NT1 (on the member file server) and - kill -HUP <PARENT-SMBD> ... won't be honored. The Windows 8.1 machines will still connect with SMB3. How to let them connect with NT1 (even only for a test)? Any thoughts further? Thanks! Regards rawi -- View this message in context: http://samba.2283325.n4.nabble.com/4-3-11-Ubuntu-SMBD-keeps-Locks-on-NTUSER-DAT-and-ntuser-ini-after-logout-tp4714018p4714056.html Sent from the Samba - General mailing list archive at Nabble.com.